UI Enhancer Plugin

Our plugin makes IdentityIQ more
 intuitive secure versatile powerful

Instrumental Identity has created this IdentityIQ plugin, the UI Enhancer plugin, to insert many useful features and security enhancements into the existing user interface.

Watch how it works...

Identity Page Enhancements

The plugin injects a variety of enhancements into the View Identity and Identity Warehouse pages. These are described in the sections below.

All of the Identity page enhancements are calculated server-side, for security purposes. Buttons, fields, or labels that a user should not be able to see are never sent to the browser. The client-side enhancements simply update the existing SailPoint user interfaces.

Action buttons (aka Fancy Buttons)

The Fancy Buttons feature adds custom action buttons to each page in the Identity Warehouse and LCM View Identity pages.

Buttons can be configured to execute virtually any action, including actions usually performed via QuickLink, custom REST API endpoints, and Beanshell scripts.

The Plugin also offers a growing number of out-of-box buttons (shown above), implementing common actions useful to administrators and developers.

  • Full Refresh / Role Refresh / Process Events: Executes an individual Identity Cube Refresh against only the current Identity with different flags set, depending on the button used.
  • Aggregate: Performs a single-account aggregation (getObject) on each of the accounts correlated with the current Identity.
  • Enable/Disable: Enables or Disables the current Identity.
  • Admin Notes: Allows administrators to add permanent admin-only text notes to any Identity. For example, this could be used to describe historical problems with a particular Identity’s accounts for future reference.
  • Add Role/Account/Entitlement: Allows administrators to provision various items to the current user.

Buttons (including the defaults) can be shown or hidden individually, depending on the rights, capabilities, workgroups, or other properties of the logged in IIQ user or the identity being viewed. Button security is always double-checked before allowing the action to proceed, preventing users from simulating a button action via the browser’s developer console.

Buttons can display “Are you sure?” messages when clicked. Buttons can also prompt for justification or other custom data, which can be provided to a Beanshell script (if that is the action your Button uses) once the user enters appropriate responses.

This confirmation screen prompts the user to verify that they wanted to actually do the action.
This confirmation screen also asks for a number of inputs first, with dynamic validation.

Certain provided buttons have custom interfaces, such as the Open Items and Add Entitlement views.

This button can add an arbitrary entitlement to the currently viewed user, useful during development.
This button shows any pending workflows attached to this user, including refresh workflows that are blocking further refreshes of the user. You can delete or forward any work items from this view, or go to the specific page for the TaskResult or Work Item.
You can add any number of buttons with whatever functions suit your needs, without limits.

Advanced and Dynamic Identity Fields

With the plugin: Identity attributes are all dynamically generated and displayed by the Plugin.
Without the plugin: The only attribute shown that SailPoint is rendering in the usual way is User Name. This is the same Identity viewed with the Plugin disabled, showing that none of the Identity attributes are displayed.

The Plugin can inject its dynamic user attributes on both the Identity Warehouse and LCM View Identity pages. This enables a vast array of enhancements not available out-of-box.

The plugin implements attribute-level security! Fields may be shown or hidden individually, depending on the rights, capabilities, workgroups, or other properties of the logged in IIQ user or the identity being viewed. For example, a Higher Ed institution may not want student Help Desk workers to see certain PII fields, while administrators may need to be able to view them. The PII fields could be hidden by excluding a workgroup or capability assigned to students or using a filter matching student identities. This is not a function available in SailPoint IIQ out-of-box.

Displayed values are dynamic! The value shown may reflect an actual Identity or account attribute, or it may be dynamically calculated (as in the “Descriptions” field in the screenshot”) using a Beanshell script. Values may be HTML, or may be arbitrarily styled using custom CSS.

Fields can be grouped into sections, such as the “Demographic Data” section in the screenshot.

Fields can be asynchronous, meaning that the page will load while the field value is calculated in the background. For example, some Instrumental ID customers use this to pull a live user status from a connector. (“Did this user recently change their password?”)

Fields may also have custom help text, displayed when the user hovers over a [?] icon.

Kayleigh's required training is being loaded from another system.
Show some additional information, if the user wants it.

Labels

The Plugin can add labels to the View Identity or Identity Warehouse pages for an individual user. These colored tags can quickly communicate vital information to those viewing the Identity.

Labels showing that the user is Active and that she has pending refresh workflows blocking future refreshes.

Default labels include a status indicator (which can be customized using a Beanshell script) and a warning flag indicating that a refresh workflow is in progress for this user. You may add as many custom labels as you wish.

The "Label Display Text" element is a custom label. This label is only shown in this demo system on users whose first names begin with "A".

Recent Identities

The Plugin adds recently viewed Identities to the “Identities” dropdown menu, as well as breadcrumbs on the Identity Warehouse page. Since your Identity display name may not be unique, the name shown can be customized.

Quickly access the recently viewed user Irma Arrendell using the new Recent section of the drop-down menu.
Breadcrumbs also show the most recently viewed users on the Identity Warehouse search page.

Toolbox

For administrators, the Plugin adds a Toolbox button to the upper right of the user interface.

Click the button to open a panel with a number of useful administrator features. Our intention is to continue adding items to the Toolbox panel as we find them useful.

This is the sliding menu produced by clicking the Toolbox button. It has two action buttons (which should be self-explanatory), as well as live views for recently executed Tasks and Provisioning Transactions. These views can be easily filtered (or disabled entirely).

XML Viewer

For administrators, the Plugin adds a pop-up XML Viewer, triggered by a keypress, to identity, application, role, task result, and other pages. This prevents you from having to go into the Debug page to locate the XML for your object.

This view was triggered by a keypress while viewing a particular identity. The underlined dates (such as 'created') will show a human-readable translation on hover.

Other enhancements

The Plugin adds many other minor enhancements to other parts of the user interface. These are only a few of the many features our plugin offers.

 

Configure a banner message that will be displayed to all logged-in users.
Retry failed provisioning transactions directly from the Admin Console.
Administrators can delete work items (and the associated workflows and requests) directly from the Work Items screen. We will also be adding a cancel button here.
Access recently viewed applications, roles, and other objects from the Recent menu.
Quickly navigate to common pages with shorcut keys.
Export clean object XML directly from the Debug pages.
Our plugins

How to get the plugin

Please contact Instrumental Identity using our Contact form if you are interested in this plugin or any of our other SailPoint IIQ work!

Contact Us
View in Storefront
Book a Demo